On Mon Apr 23 12:49 2001 +0200, Gemeiner, Jan wrote: > I'm trying to set up an openldapserver to authenticate from Linux, Solaris > and AIX clients. > I'm interested in what you have done, but I can't really understand. > > Does this patch make an AIX authentication on an ldap-server? And how? > My collegue told me, that there's absolutely no PAM available for AIX. > How should I implement the patched PAM?? First of all, you need to understand a bit about the way PAM works. Here's the overall structure: +-------------+ +-------------+ +---------------+ | application |--->| PAM library |--->| PAM module(s) | +-------------+ +-------------+ +---------------+ The PAM library provides the glue which allows applications to access any PAM module using a simple API. However, the application still needs to be written using the PAM API in order to make use of it. AIX does not come with PAM, so my patch allows you to build Linux-PAM under AIX. This provides both the PAM library and a common subset of PAM modules. Once you have the library and the PAM modules, you can download and compile many free software packages (such as OpenSSH) with support for PAM under AIX. Although this will allow you to use PAM for third-party software which you compile yourself, the native AIX binaries for things like su and login still don't support PAM. As a result, the only way to get PAM support in these native tools would be to replace the native binaries with home-grown ones that support PAM. (This probably isn't trivial to do, but I'd love to get a copy if anyone manages it...) I hope this clears up some of your confusion. -- Mark D. Roth <roth@feep.net> http://www.feep.net/~roth/
